Lucene search
K
JvnMost viewed

5625 matches found

Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2022/06/24 12:0 a.m.•37 views

JVN#51464799: L2Blocker Sensor setup screen vulnerable to authentication bypass

L2Blocker provided by SOFTCREATE CORP. contains a vulnerability CWE-288 in which the login authentication is bypassed by using alternative paths or channels for Sensor. Impact An attacker who can access the device may perform an unauthorized login and obtain the stored information or cause a...

8.1CVSS8.1AI score0.00393EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/07/27 12:0 a.m.•37 views

JVN#33797604: NFC Port Software remover may insecurely load Dynamic Link Libraries

NFC Port Software remover provided by Sony Corporation is an application to remove NFC Port Software. NFC Port Software remover contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries CWE-427. Impact Arbitrary code may be executed with the privilege...

9.3CVSS7.7AI score0.0108EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/06/20 12:0 a.m.•37 views

JVN#73550134: WordPress plugin "Event Calendar WD" vulnerable to cross-site scripting

The WordPress plugin "Event Calendar WD" provided by Web-Dorado contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the logged in user's web browser. Solution Update the plugin Update the plugin according to the information provided by the developer...

6.1CVSS6AI score0.01466EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/06/09 12:0 a.m.•37 views

JVN#34508179: Installer of "Setup file of advance preparation" may insecurely load Dinamic Link Libraries

"Setup file of advance preparation" provided by National Tax Agency is software to setup the environment which is required to use "filing assistance on the NTA website". "Setup file of advance preparation" contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Li...

7.8CVSS7.7AI score0.01128EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/06/06 12:0 a.m.•37 views

JVN#80238098: Hands-on Vulnerability Learning Tool "AppGoat" vulnerable to remote code execution

AppGoat provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN IPA is a hands-on vulnerability learning tool. Hands-on Vulnerability Learning Tool "AppGoat" for Web Application contains a remote code execution vulnerability. Impact When accessing a specially crafted URL, arbitrary code may be...

8.8CVSS8.9AI score0.02325EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/05/19 12:0 a.m.•37 views

JVN#11326581: Empirical Project Monitor - eXtended vulnerable to cross-site scripting

Empirical Project Monitor - eXtended provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN IPA contains a reflected cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Do not use Empirical Project Monitor - eXtended The...

6.1CVSS6.1AI score0.01195EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/03/13 12:0 a.m.•37 views

JVN#88745657: Cybozu KUNAI for Android information management vulnerability

Cybozu KUNAI for Android is a mobile client software for using Cybozu from an Android device. Cybozu KUNAI for Android provides a function to output log information when synchronizing data with Cybozu, however the function is disabled by default. Cybozu KUNAI for Android contains an issue where i...

2.6CVSS3.5AI score0.01052EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2017/01/24 12:0 a.m.•37 views

JVN#12796388: Nessus vulnerable to cross-site scripting

Nessus contains a stored cross-site scripting CWE-79 vulnerability in handling .nessus files. Impact Arbitrary JavaScript may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the information provided by the developer. Products Affected...

5.4CVSS5.5AI score0.01252EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/10/03 12:0 a.m.•37 views

JVN#06726266: Cybozu Office multiple cross-site scripting vulnerabilities

Cybozu Office contains multiple cross-site scripting vulnerabilities below. Cross-site scripting in the "Customapp" function - CVE-2016-4865 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N| Base Score: 4.8 CVSS v2| AV:N/AC:L/Au:S/C:N/I:P/A:N| Base Score:...

5.4CVSS5.4AI score0.00964EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/09/14 12:0 a.m.•37 views

JVN#55389065: CS-Cart add-on "Twigmo" vulnerable to PHP object injection

CS-Cart add-on "Twigmo" contains a PHP object injection vulnerability due to a flaw where untrusted input values are unserialized. Impact A remote attacker may execute arbitrary PHP code. Solution Edit twigmo.php This vulnerability can be addressed by deleting or commenting out the following part...

8.8CVSS9AI score0.02071EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/06/14 12:0 a.m.•37 views

JVN#61317238: ETX-R vulnerable to cross-site request forgery

ETX-R provided by I-O DATA DEVICE, INC. is a wired LAN router. ETX-R contains a cross-site request forgery vulnerability CWE-352. Impact If a user views a malicious page while logged in, unintended operations may be performed. Solution Apply a Workaround The following workarounds may mitigate the...

8.8CVSS8.7AI score0.00629EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/06/07 12:0 a.m.•37 views

JVN#74659077: TERASOLUNA Server Framework for Java(WEB) access restriction bypass vulnerability in the file extention filter

The TERASOLUNA Server Framework for JavaWEB provided by NTT Data Corporation is a software framework for creating web applications. The TERASOLUNA Server Framework for JavaWEB has a function to restrict access to contents with specified file extentions from browser requests. This function may be...

4.3CVSS4.2AI score0.01771EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/05/30 12:0 a.m.•37 views

JVN#33879831: Cybozu Garoon fails to restrict access permissions

Cybozu Garoon is a groupware. Cybozu Garoon fails to restrict access permissions in the API to retrieve the Address Book information. Impact A user may obtain other user's Address Book information. Solution Update the Software Update to the latest version according to the information provided by...

4.3CVSS4.7AI score0.01038EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/05/30 12:0 a.m.•37 views

JVN#13794955: Source code of Old_GSI_Maps prior to January, 2015 vulnerable to directory traversal

kml2jsonp.php contained in source code of OldGSIMaps prior to January, 2015 provided by the Geospatial Information Authority of Japan GSI contains a directory traversal vulnerability CWE-22. Impact When the product is used in Windows, a remote attacker may obtain arbitrary files from the server...

7.5CVSS7.6AI score0.02181EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/05/30 12:0 a.m.•37 views

JVN#40898764: DMM.com Securities FX Apps for Android fail to verify SSL server certificates

Multiple Android Applications provided by DMM.com Securities Co.,Ltd. fail to verify SSL server certificates. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the Application Update to the latest version according to the informati...

5.9CVSS5.5AI score0.00928EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/05/27 12:0 a.m.•37 views

JVN#46888319: Japan Connected-free Wi-Fi vulnerable to API execution

Japan Connected-free Wi-Fi provided by NTT Broadband Platform, Inc. contains a vulnerability which allows an arbitrary API to be executed by a man-in-the-middle attacker. Impact Android version of this app may allow an arbitrary API to be executed if permissions to execute that API are granted in...

5.6CVSS5.3AI score0.00782EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/04/04 12:0 a.m.•37 views

JVN#28480773: WisePoint contains issue in preventing clickjacking attacks

WisePoint contains an issue in the protection against clickjacking attacks on the management screen. Impact If a user views a malicious page while logged in, unintended operations may be conducted. Solution Update the Software Update to the latest version according to the information provided by...

6.1CVSS6.1AI score0.01009EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2016/02/15 12:0 a.m.•37 views

JVN#48720230: Cybozu Office access restriction bypass vulnerability

Cybozu Office contains an access restriction bypass vulnerability in multiple functions. Impact A remote unauthenticated attacker may view the information about the groupware. An authenticated attacker may obtain privileged information or may cause specific functions to become unusable. Solution...

5.5CVSS5.6AI score0.01164EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/11/05 12:0 a.m.•37 views

JVN#80144272: Multiple TYPE-MOON games vulnerable to OS command injection

Multiple games provided by TYPE-MOON contain an OS command injection vulnerability CWE-78 due to an issue in loading save data. Impact When specially crafted save data is loaded, an arbitrary OS command may be executed. Solution Apply a Workaround The following workaround can mitigate the affects...

10CVSS6.9AI score0.0372EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/10/29 12:0 a.m.•37 views

JVN#13874649: Enisys Gw vulnerable to cross-site scripting

Enisys Gw provided by Techno Project Japan Co. is an open source groupware. Enisys Gw contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the information...

4.3CVSS5.8AI score0.01171EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/09/02 12:0 a.m.•37 views

JVN#08494613: NScripter vulnerable to buffer overflow

NScripter is a script engine to build and execute games. NScripter contains a buffer overflow vulnerability due to a flaw in processing save data. Impact By processing a specially crafted save data, arbitrary code may be executed. Solution For developers using NScripter: Update and Rebuild the Ga...

6.8CVSS7.3AI score0.02728EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/04/03 12:0 a.m.•37 views

JVN#68819526: "Restaurant Karaoke SHIDAX" App for Android fails to verify SSL server certificates

"Restaurant Karaoke SHIDAX" App for Android fails to verify SSL server certificates. Impact A man-in-the-middle attack may allow an attacker to eavesdrop on an encrypted communication. Solution Update the Software Update to the latest version according to the information provided by the developer...

5.9CVSS5.5AI score0.00752EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/03/03 12:0 a.m.•37 views

JVN#55063777: Google Captcha (reCAPTCHA) by BestWebSoft vulnerable to CAPTCHA authentication bypass

Google Captcha reCAPTCHA by BestWebSoft is a plugin for WordPress. Google Captcha reCAPTCHA by BestWebSoft contains a CAPTCHA authentication bypass vulnerability CWE-254. Impact If this vulnerability is exploited, an attacker may be able to successfully login to WordPress and access an...

5CVSS6.4AI score0.02351EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/02/13 12:0 a.m.•37 views

JVN#48659722: Smartphone Passbook for Android information management vulnerability

Smartphone Passbook for Android contains an issue where user inputs are output into a log file. Impact Other android applications with permissions to read system log files may obtain information entered by a user. Solution Update the Software Update to the latest version according to the...

1.8CVSS6.2AI score0.00401EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2015/01/27 12:0 a.m.•37 views

JVN#32631078: Multiple ASUS wireless LAN routers vulnerable to cross-site request forgery

Multiple wireless LAN routers provided by ASUS JAPAN Inc. contain a cross-site request forgery vulnerability. Impact If a user views a malicious page while logged in, unintended operations may be conducted. In addition, when this vulnerability is exploited along with the vulnerability stated in...

6.8CVSS6.8AI score0.00636EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/12/12 12:0 a.m.•37 views

JVN#61181790: LinPHA vulnerable to cross-site scripting

LinPHA is a software to manage and host image files on the web. LinPHA contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Do not use LinPHA LinPHA is no longer being developed or maintained, therefore it is recommended to...

4.3CVSS6AI score0.00931EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/12/03 12:0 a.m.•37 views

JVN#70490316: DBD::PgPP vulnerable to SQL injection

DBD::PgPP is a pure-Perl client interface for the PostgreSQL database. DBD::PgPP contains a SQL injection vulnerability. Impact If DBD::PgPP is used in a program, a remote attacker may execute an arbitrary SQL command. Solution Update the software Update to the latest version according to the...

9.8CVSS9.8AI score0.01559EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/09/04 12:0 a.m.•37 views

JVN#50367052: EmFTP may insecurely load executable files

EmFTP contains a flaw when loading files, where an unitended executable file may be loaded when attempting to open a file without an extension. For example, if a text file named "exmaple" without an extension and an executable "example.exe" are in the same directory, attemtping to open the file...

4.4CVSS7.3AI score0.00354EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/08/01 12:0 a.m.•37 views

JVN#22534185: ServerView Operations Manager vulnerable to cross-site scripting

ServerView Operations Manager provided by FUJITSU LIMITED is server management software. ServerView Operations Manager contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version...

4.3CVSS5.9AI score0.01792EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/04/18 12:0 a.m.•37 views

JVN#10319260: Cybozu Remote Service Manager vulnerable to denial-of-service (DoS)

Remote Service Manager provided by Cybozu,Inc. is a software to access on-premise systems such as Cybozu products via "Cybozu Remote Service". Remote Service Manager contains a denial-of-service DoS vulnerability. Impact An attacker may cause a denial-of-service on a server that is installed Remo...

7.8CVSS6AI score0.02334EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2014/01/24 12:0 a.m.•37 views

JVN#69986880: OpenPNE vulnerable to PHP Object Injection

OpenPNE contains an issue in processing Cookie headers, which may result in a PHP Object Injection vulnerability. Impact A remote, unauthenticated attacker may execute an arbitrary PHP code. Solution Apply an update Update to the latest version according to the information provided by the...

7.5CVSS6.8AI score0.01527EPSS
Exploits2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2013/09/20 12:0 a.m.•37 views

JVN#40079308: SEIL Series routers vulnerable in RADIUS authentication

The PPP Access Concentrator PPPAC in SEIL Series routers provided by Internet Initiative Japan Inc. contains an issue when generating random numbers used for RADIUS authentication, which may result in the generated random numbers to be easily predicted. Impact An attacker who can intercept...

4CVSS6.8AI score0.01257EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2013/09/20 12:0 a.m.•37 views

JVN#70245052: D-Link DES-3810 Series vulnerable to denial-of-service (DoS)

DES-3810 Series provided by D-Link Japan contains a denial-of-service DoS vulnerability due to an issue in SSH implementation. Impact A user who can login with SSH may cause the product to stop responding. Solution Update the Firmware Update the firmware to version R2.20.011 or later according to...

6.3CVSS6.3AI score0.01054EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2013/06/27 12:0 a.m.•37 views

JVN#04161229: EC-CUBE vulnerable to directory traversal

EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a directory traversal vulnerability. Note that this vulnerability is different from JVN43886811. Impact A remote attacker may obtain arbitrary image files on the server. Solution Apply the updat...

5CVSS6.4AI score0.01862EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/11/07 12:0 a.m.•37 views

JVN#18223913: BeZIP vulnerable to directory traversal

BeZIP provided by Be Graph Co.,Ltd. is a file compression/extraction software supporting ZIP and LZH formats. BeZIP contains a directory traversal vulnerability. Impact An arbitrary file may be created or altered when extracting a specially crafted file. Solution Update the software Update to the...

5CVSS6.3AI score0.01943EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/06/06 12:0 a.m.•37 views

JVN#24646833: SEIL series fail to restrict access permissions

SEIL series are wireless LAN routers. SEIL series contain an issue where access permissions are not restricted. Impact An attacker that can access the product's HTTP proxy may bypass restrictions such as the URL filter. Solution Update the Software Update to the latest version of the firmware...

2.6CVSS6.6AI score0.01211EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/05/25 12:0 a.m.•37 views

JVN#85934986: Logitec LAN-W300N/R series fails to restrict access permissions

The LAN-W300N/R series are wireless LAN routers. Logitec LAN-W300N/R series contain an issue where access permissions are not restricted. Impact An attacker that can access the product may log in with administrative privileges. As a result, settings may be changed or altered by the attacker who...

10CVSS6.2AI score0.05867EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/05/21 12:0 a.m.•37 views

JVN#86044443: iLunascape for Android vulnerable in the WebView class

iLunascape for Android is a web browser for Android devices. iLunascape for Android contains a vulnerability in the WebView class. Impact If a user of the affected product uses other malicious Android application, information managed by the affected product may be disclosed. Solution Update the...

5CVSS6.2AI score0.01513EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/04/13 12:0 a.m.•37 views

JVN#90055996: Dokodemo Rikunabi 2013 vulnerable to cross-site scripting

Dokodemo Rikunabi 2013 is an extension for Google Chrome. Dokodemo Rikunabi 2013 contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on user's Google Chrome. Solution Update the software Update to the latest version according to the information provided by th...

4.3CVSS5.9AI score0.01968EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/02/23 12:0 a.m.•37 views

JVN#49836527: Movable Type vulnerable to cross-site scripting

mt-wizard.cgi and Movable Type templates contain a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version of each product according to the information provided by the developer. Products...

4.3CVSS5.7AI score0.0134EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2012/01/23 12:0 a.m.•37 views

JVN#65869891: glucose 2 vulnerable to arbitrary script execution

glucose 2 is an RSS reader. glucose 2 is vulnerable to arbitrary script execution which is inserted in RSS feed, due to the improper processing of RSS feed output. Impact An arbitrary script may be executed on the vulnerable system. Solution Update the software Update to the latest version...

4.3CVSS6.5AI score0.01135EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/11/04 12:0 a.m.•37 views

JVN#37223351: WebObjects vulnerable to cross-site scripting

WebObjects provided by Apple is a web application server. WebObjects contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version according to the information provided by the develope...

4.3CVSS5.6AI score0.00845EPSS
Exploits1
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/11/04 12:0 a.m.•37 views

JVN#71349007: Opengear console servers vulnerable to authentication bypass

Opengear console servers are for managing servers and network products. Opengear console servers contain an authentication bypass vulnerability. Impact A remote attacker may change the settings in the Opengear console server or gain access to products that are connected to the console server...

7.5CVSS6.8AI score0.01367EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/10/14 12:0 a.m.•37 views

JVN#44496332: EC-CUBE vulnerable to SQL injection

EC-CUBE provided by LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains an issue in assembling SQL statements, leading to a SQL injection vulnerability. This vulnerability is different from JVN81111541 and JVN19072922. Impact A remote, unauthenticated attacke...

7.5CVSS7AI score0.02334EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2011/09/09 12:0 a.m.•37 views

JVN#45458289: Megalith vulnerable to authentication bypass

Megalith is a bulletin board software. Megalith contains an authentication bypass vulnerability. Impact A remote attacker may obtain administrative privileges. Solution Update the software Update to the latest version according to the information provided by the developer. Products Affected...

7.5CVSS6.7AI score0.01661EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/11/04 12:0 a.m.•37 views

JVN#01948274: Ichitaro series vulnerable to arbitrary code execution

The "Ichitaro" series word processing software, from JustSystems Corporation contains a vulnerability that may allow arbitrary code execution. Impact When opening a specially crafted file locally or through a website, an attacker may be able to execute arbitrary code. Solution Update the Software...

9.3CVSS6.9AI score0.05557EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/06/02 12:0 a.m.•37 views

JVN#58439007: e-Pares vulnerable to cross-site scripting

e-Pares is a system that manages facility conference rooms, etc. information. e-Pares contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version according to the information provide...

4.3CVSS5.9AI score0.01645EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2010/06/01 12:0 a.m.•37 views

JVN#17293765 Ichitaro series vulnerable to arbitrary code execution

The "Ichitaro" series word processing software, from JustSystems Corporation contains a vulnerability that may allow arbitrary code execution. Impact When opening a specially crafted file locally or through a website, an attacker may be able to execute arbitrary code. Solution Update the software...

9.3CVSS7.2AI score0.05557EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2009/09/09 12:0 a.m.•37 views

JVN#62211338 Buffer overflow vulnerability in Microsoft Windows

Windows Media Format Runtime included in Microsoft Windows contains a buffer overflow vulnerability when parsing specific files. Impact If a user opens a specially crafted file, an attacker may execute arbitrary code. Solution Update the software Apply the update according to the information...

9.3CVSS6.8AI score0.2121EPSS
Exploits2
Japan Vulnerability Notes
Japan Vulnerability Notes
•added 2009/08/27 12:0 a.m.•37 views

JVN#68640473 bingo!CMS core and bingo!CMS vulnerable to cross-site request forgery

bingo!CMS core and bingo!CMS are content management systems CMS. bingo!CMS core and bingo!CMS contain a cross-site request forgery vulnerability. Impact If a user views a malicious web page while logged into the CMS, an attacker could modify configurations or modify contents managed by CMS...

6.8CVSS6.4AI score0.00991EPSS
Exploits0
Total number of security vulnerabilities5000